What are the implications of this code?

Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: What are the implications of this code?

Post by Tom T. »

@ therube: Thanks for adding that. I expect that the majority of sites people visit are through bookmarks or links, but the hand-typed ones just add to the belief that there should be enough hits with no referer that leaving the referer blank through RefControl is probably not much of an identifier.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
???
Posts: 11
Joined: Tue Nov 10, 2009 3:47 am

Re: What are the implications of this code?

Post by ??? »

therube wrote:It's not an issue of a "fresh browser", or restarting your browser.
Any site that you manually type the URL for will have no referrer.
Actually any site you go to from a bookmark too--which is precisely why some sites that break (financial sites primarily, it seems) will tell you not to use a bookmark to get there.

Sticking with blocked as default :). Forge is always there for if and when it's needed (it's possible a forged referer can work for sites that break with a blocked referer--depends on the site).

Thanks to Tom T. and therube :D for helping me to realize my original idea (block) was better all along. I had seen too many posts recently claiming forge was better and I was still working it over in my mind.
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5

Re: What are the implications of this code?

Post by Tom T. »

??? wrote:
therube wrote:It's not an issue of a "fresh browser", or restarting your browser.
Any site that you manually type the URL for will have no referrer.
Actually any site you go to from a bookmark too--
which is precisely why some sites that break (financial sites primarily, it seems) will tell you not to use a bookmark to get there.
Which is a shame, because if you bookmark their *secure* login page, and eyeball the URL before entering your creds to make sure that your bookmarks haven't been hacked/corrupted, it avoids those secure sites that still serve the login page insecurely, even though they *send* the creds securely -- an issue that's been discussed elsewhere, and was one of the reasons for the Force HTTPS FAQ feature in NoScript.

I had that happen with one bank, and that bank is the sole exception for me in RefControl. I just set it to "normal", and it works fine.
Sticking with blocked as default :). Forge is always there for if and when it's needed (it's possible a forged referer can work for sites that break with a blocked referer--depends on the site).
See above. I always close and restart the browser (which also empties the sandbox) before *and* after visiting a financial or other sensitive site. "Normal" works
??? wrote:Thanks to Tom T. and therube :D for helping me to realize my original idea (block) was better all along. I had seen too many posts recently claiming forge was better and I was still working it over in my mind.
Not sure why they'd say that... worked it over in my own mind, and pretty satisfied. Glad to have helped, and thanks for raising some good points. Cheers.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
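
Added example, not part of any post in this thread: a sketch of a server-side Referer check, showing why a site can break under RefControl's "block" yet work under "forge" or "normal", and why a blocked referer looks the same to the server as a typed URL or a bookmark. The origin `bank.example`, the policy names, and the assumption that "forge" sends the target site's root as the referer are illustrative assumptions.

```javascript
// Hypothetical site origin; constructed for illustration.
const SITE = "https://bank.example";

// Decide whether a request to SITE is accepted, given its Referer header.
// "strict":  a missing Referer is rejected (the sites that break when blocked).
// "lenient": a missing Referer is accepted; only a cross-site one is rejected.
function checkReferer(referer, policy) {
  if (referer === undefined || referer === "") {
    return policy === "strict" ? "reject" : "accept";
  }
  let origin;
  try {
    origin = new URL(referer).origin;
  } catch (e) {
    return "reject"; // header present but not a parseable URL
  }
  return origin === SITE ? "accept" : "reject";
}

// Constructed sample: the Referer the server sees for each way of arriving.
// Typed URL, bookmark and "block" are indistinguishable: no header at all.
const arrivals = {
  "normal, link within site": SITE + "/home",
  "typed URL": undefined,
  "bookmark": undefined,
  "RefControl block": undefined,
  "RefControl forge (assumed: site root)": SITE + "/",
  "normal, link from other site": "https://forum.example/viewtopic",
};

// Apply one policy to every arrival and return a map of outcomes.
function evaluate(policy) {
  const out = {};
  for (const [how, referer] of Object.entries(arrivals)) {
    out[how] = checkReferer(referer, policy);
  }
  return out;
}

console.table({ strict: evaluate("strict"), lenient: evaluate("lenient") });
```

Under the strict policy the bookmark, typed-URL and blocked cases are all rejected together, while the lenient policy accepts them and still rejects a referer from another site.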